I use shorewall to run the firewall/gateway for a small private school I do some work for in my spare time as a volunteer. After many years of it running without incident I upgraded to the latest Ubuntu and now I cannot get our email delivery to work successfully. I have no idea what could be wrong, especially since I used the old shorewall configuration files. I also tried setting up a new configuration from the example files in case some of the defaults or syntax had changed but got the same result.

After extensive testing I have found from behind the firewall I can log into the email server and list the messages contained on it but cannot actually retrieve the messages. Even increasing the shorewall log level doesn't seem to provide any additional information. I am able to download the messages from the firewall itself which leads me to believe the issue is with the masquerading but I am very much out of my level with that and don't know how to go about tracking down the issue.

On 8/29/10 12:02 PM, theluketaylor wrote:

> After extensive testing I have found from behind the firewall I can
> log into the email server and list the messages contained on it but
> cannot actually retrieve the messages. Even increasing the shorewall
> log level doesn't seem to provide any additional information.

The log level has absolutely no effect on the amount of detail logged.
See http://www.shorewall.net/shorewall_logging.html.

> I am
> able to download the messages from the firewall itself which leads me
> to believe the issue is with the masquerading but I am very much out
> of my level with that and don't know how to go about tracking down the
> issue

Try setting CLAMPMSS=Yes in shorewall.conf.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________

On Sun, Aug 29, 2010 at 03:02:56PM -0400, theluketaylor wrote:

> I use shorewall to run the firewall/gateway for a small private school
> I do some work for in my spare time as a volunteer. After many years
> of it running without incident I upgraded to the latest ubuntu and now
> I cannot get our email delivery to work successfully. I have no idea
> what could be wrong, especially since I used the old shorewall
> configuration files. I also tried setting up a new configuration from
> the example files in case some of the defaults or syntax had changed
> but got the same result.
>

First things first. Please do a 'shorewall clear' and then try again. If things still do not work, then you have a Shorewall problem. If mail delivery works after the clear command, then your problem has nothing to do with Shorewall.

Regards,

-Roberto

--
Roberto C. Sánchez
http://people.connexer.com/~roberto
http://www.connexer.com

After much experimentation over the last few weeks I was able to fix the issue just in the last hour. I had to clamp the MSS much lower than shorewall or pppoeconf suggested by default so just setting it to Yes wasn't enough (it was already set that way). A setting of 1412 down from 1492 seems to have done the trick.

On Sun, Aug 29, 2010 at 4:20 PM, Tom Eastep <teastep@shorewall.net> wrote:

> On 8/29/10 12:02 PM, theluketaylor wrote:
>>
>> After extensive testing I have found from behind the firewall I can
>> log into the email server and list the messages contained on it but
>> cannot actually retrieve the messages. Even increasing the shorewall
>> log level doesn't seem to provide any additional information.
>
> The log level has absolutely no effect on the amount of detail logged.
> See http://www.shorewall.net/shorewall_logging.html.
>
>> I am
>> able to download the messages from the firewall itself which leads me
>> to believe the issue is with the masquerading but I am very much out
>> of my level with that and don't know how to go about tracking down the
>> issue
>
> Try setting CLAMPMSS=Yes in shorewall.conf.
>
> -Tom
>
> _______________________________________________
> Shorewall-users mailing list
> Shorewall-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/shorewall-users

On 8/29/10 1:30 PM, theluketaylor wrote:

> After much experimentation over the last few weeks I was able to fix
> the issue just in the last hour. I had to clamp the MSS much lower
> than shorewall or pppoeconf suggested by default so just setting it to
> Yes wasn't enough (it was already set that way). A setting of 1412
> down from 1492 seems to have done the trick.

1492 makes no sense -- the MSS should be no more than MTU minus 40, which is what CLAMPMSS=Yes sets it to.

But glad to hear that the issue is resolved.

-Tom
--
Tom Eastep        \ When I die, I want to go like my Grandfather who
Shoreline,         \ died peacefully in his sleep. Not screaming like
Washington, USA     \ all of the passengers in his car
http://shorewall.net \________________________________________________
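
Added example, not part of the original thread and not Shorewall's own code: a script that measures the path MTU from a LAN client with Don't-Fragment pings and applies the MTU-minus-40 rule quoted above to get a numeric CLAMPMSS value. It assumes IPv4 and Linux iputils ping; the function names and the host argument are illustrative.

```shell
#!/bin/sh
# Added example: estimate the path MTU with DF-bit pings and derive an MSS clamp.
# Assumes Linux iputils ping (-M do sets Don't Fragment) and an IPv4 path.

# probe SIZE HOST: true if an echo with SIZE payload bytes gets through unfragmented.
probe() {
    ping -c 1 -W 2 -M do -s "$1" "$2" >/dev/null 2>&1
}

# largest_payload HOST: binary search for the biggest payload that still passes.
largest_payload() {
    host=$1
    lo=0
    hi=1472                            # 1472 + 28 = 1500, the Ethernet MTU
    probe "$lo" "$host" || return 1    # host does not answer ping at all
    while [ "$lo" -lt "$hi" ]; do
        mid=$(( (lo + hi + 1) / 2 ))
        if probe "$mid" "$host"; then
            lo=$mid
        else
            hi=$(( mid - 1 ))
        fi
    done
    echo "$lo"
}

# ICMP payload + 20-byte IP header + 8-byte ICMP header = packet size on the wire.
path_mtu() { echo $(( $1 + 28 )); }

# The rule from the thread: MSS is at most MTU minus 40 (20 IP + 20 TCP).
mss_for_mtu() { echo $(( $1 - 40 )); }

# suggest_clampmss HOST: print the measured path MTU and a shorewall.conf line.
suggest_clampmss() {
    payload=$(largest_payload "$1") || { echo "no ping reply from $1" >&2; return 1; }
    mtu=$(path_mtu "$payload")
    echo "path MTU to $1: $mtu"
    echo "CLAMPMSS=$(mss_for_mtu "$mtu")"
}

# Only probe when a host is given, e.g.: sh pmtu.sh mail.example.org (placeholder).
if [ "$#" -gt 0 ]; then
    suggest_clampmss "$1"
fi
```

Under the same rule, an MSS of 1412 corresponds to a path MTU of 1452, and a PPPoE MTU of 1492 corresponds to an MSS of 1452. A host that does not answer ICMP echo cannot be measured this way.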